4

I am following the instructions as given here.

I used the following command to get a running cluster, in gcloud console I typed: curl -sS https://get.k8s.io | bash as described in the link, after that, I ran the command kubectl cluster-info from that I got:

kubernetes-dashboard is running at https://35.188.109.36/api/v1/proxy/namespaces/kube-
system/services/kubernetes-dashboard

but when I go to that url from firefox, the message that comes is: 

User "system:anonymous" cannot proxy services in the namespace 
"kube-system".: "No policy matched."

Expected behavior: Should ask for an admin name and password to connect to the dashboard.

Inanc Gumus
  • 25,195
  • 9
  • 85
  • 101
Akash
  • 939
  • 1
  • 8
  • 27
  • 1
    what version of kubernetes your using? this document may be < 1.5, in 1.6 they enabled RBAC, we can can't access like this. – sfgroups Jun 13 '17 at 15:48
  • @sfgroups its 1.6.4 version, so how do I access the dashboard anyways ? – Akash Jun 13 '17 at 17:53
  • you can look at this answer: https://stackoverflow.com/questions/44411940/how-to-generate-the-configuration-to-connect-to-a-remote-kubernetes-host/44412468#44412468 – sfgroups Jun 13 '17 at 19:46

4 Answers4

2

Is there a reason why you did not use GKE (Google Kubernetes Engine) which provides the dashboard add-on installed out of the box?

In your case, simply:

  • the kubernetes-dashboard addon might not be installed (but logs say so, so I think this is not the problem)
  • network configuration that makes kubectl proxy work might not be there
  • the curl .. | sh script you used probably did not configure the authentication properly.

I recommend using GKE as this works out of the box. You can find documentation here: https://cloud.google.com/kubernetes-engine/docs/oss-ui

If you still want to use GCE, I recommend running kubectl proxy on your workstation (not your kubernetes nodes) and visiting http://127.0.0.1:8001/ui on your browser to see if it works.

If you get an error about not having enough permissions, you might be using a Kubernetes version new enough that enforces RBAC policies on pods like dashboard which access the API. You can grant those permissions by running:

kubectl create clusterrolebinding add-on-cluster-admin  \
  --clusterrole=cluster-admin  \
  --serviceaccount=kube-system:default

I also recommend trying out GKE UI in Google Cloud Console: https://console.cloud.google.com/kubernetes

ahmet alp balkan
  • 42,679
  • 38
  • 138
  • 214
0

What you're looking for is being deprecated. We need to use Cloud Console dashboards, here.

Official Message:

The open source Kubernetes Dashboard addon is deprecated for clusters on GKE and will be removed as an option in version 1.15. It is recommended to use the alternative Cloud Console dashboards described on this page.

Inanc Gumus
  • 25,195
  • 9
  • 85
  • 101
0

If you choose to deploy k8s on Google Compute Engine it is still possible to access the dashboard. True if the instructions at kubernetes.io/docs/setup/ are followed, you will receive 403's as described.

Firstly you need to deploy a 'dashboard deployment' run this command;

kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0/aio/deploy/recommended.yaml

Once created (in the kube-system namespace btw), create a clusterrolebinding with this command;

kubectl create clusterrolebinding add-on-cluster-admin --clusterrole=cluster-admin --serviceaccount=kube-system:default

Run the following to get a token; kubectl config view | grep token

Next run a kubectl proxy with command; kubectl proxy

You will now be able to access the dashboard at uri below. You will need to pass the token from above to authenticate, and that's it...

http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/

Paddy Popeye
  • 1,634
  • 1
  • 16
  • 29
-5

you can run kubectl proxy locally and access it at http://localhost:8001/ui

Jordan Liggitt
  • 16,933
  • 2
  • 56
  • 44